Fortify Software


Real-Time Analysis (RTA)
(Formerly Fortify Defender)

Protect and monitor your web applications

RTA enables a new, highly accurate layer of Web application security by monitoring security-critical functions and application programming interfaces (APIs) inside the Web application itself. This unique "internal firewall" approach offers critical insight into attacks as well as an unparalleled level of security.

Address PCI Compliance

RTA addresses PCI standards for an application-layer firewall. Section 6.6 of the PCI Data Security Standards currently recommends as a best practice the use of an application-layer firewall or a professional code review. In June of 2008, this is set to become a requirement. All merchants and service providers that store, process, or transmit cardholder data must comply with these standards. RTA offers the most effective, accurate, and easy-to-use solution for fulfilling this PCI standard.

RTA not only addresses PCI Data Security Standards but also key software security compliance requirements including OWASP Top Ten, HIPAA and more.

RTA's sophisticated technology requires minimal overhead and can be applied to any custom J2EE or .NET Web application, even those where source code is unavailable.

A dynamic web application firewall

RTA gives you:

  • Unparalleled insight into actual security events

    RTA monitors custom business web applications from the inside out so it can deliver reports on who attacked, how often, the technique used and much more for every instance of a web application. Security and Operations teams receive data on a wide variety of application attacks with a precision and depth only available through code-level technology, including attacks such as SQL injection, cross-site scripting (XSS), invalid URL probing, HTTP response splitting and more. Operations, security and development teams can also create custom whitelists and blacklists for specific input fields based on design constraints, empirical data or existing knowledge.

    [RTA screenshot: Know who attacked, how they attacked, how often, and more]

  • Defense in depth for custom business web applications

    RTA is an effective complement to existing security technology because it monitors within the web application itself. By placing its unique Call Site Guards™ directly at security-critical function call sites, it can give Security and Operations teams precise, detailed data whenever anomalies occur. What's more, RTA is effective and accurate because it makes use of the web application's business logic semantics, thereby eliminating the need for "learn mode" or further tuning.

  • Address compliance requirements

    RTA provides security that addresses software security compliance requirements for Payment Card Industry (PCI) Data Security Standards, OWASP Top Ten, HIPAA and more.

  • No source code required

    RTA works directly with the application binary; no source code or additional hardware devices are required.

  • Minimal overhead

    RTA's monitoring and protection are invoked only for security-critical functions within the Web application and have minimal impact on application performance.
